From: "Robin H. Johnson" To: gentoo-commits@lists.gentoo.org Content-Transfer-Encoding: 8bit Content-type: text/plain; charset=UTF-8 Reply-To: gentoo-dev@lists.gentoo.org, "Robin H. Johnson" Message-ID: <1688102338.6dd35cefc5fcaf0662708b5952038bce528979ff.robbat2@gentoo> Subject: [gentoo-commits] proj/qa-scripts:master commit in: / X-VCS-Repository: proj/qa-scripts X-VCS-Files: keyrings.inc.bash X-VCS-Directories: / X-VCS-Committer: robbat2 X-VCS-Committer-Name: Robin H. Johnson X-VCS-Revision: 6dd35cefc5fcaf0662708b5952038bce528979ff X-VCS-Branch: master Date: Fri, 30 Jun 2023 05:19:38 +0000 (UTC) Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-Id: Gentoo Linux mail X-BeenThere: gentoo-commits@lists.gentoo.org X-Auto-Response-Suppress: DR, RN, NRN, OOF, AutoReply X-Archives-Salt: 9994fc3e-90ff-4a3b-bd28-9fb8b4ec5b0d X-Archives-Hash: 4f3aced98a10ae8249e830eb30df1f54 commit: 6dd35cefc5fcaf0662708b5952038bce528979ff Author: Robin H. Johnson gentoo org> AuthorDate: Fri Jun 30 05:18:58 2023 +0000 Commit: Robin H. Johnson gentoo org> CommitDate: Fri Jun 30 05:18:58 2023 +0000 URL: https://gitweb.gentoo.org/proj/qa-scripts.git/commit/?id=6dd35cef keyrings.inc.bash: ensure there is a checksum to verify the download for corruption (integrity only, not authenticity) Signed-off-by: Robin H. Johnson gentoo.org> keyrings.inc.bash | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/keyrings.inc.bash b/keyrings.inc.bash index cc89de0..32fc03f 100644 --- a/keyrings.inc.bash +++ b/keyrings.inc.bash @@ -96,7 +96,8 @@ export_keys() { DST="$1" shift setup_tmp - TMP="${GPG_TMPDIR}"/$(basename "${DST}") + BASENAME=$(basename "${DST}") + TMP="${GPG_TMPDIR}/${BASENAME}" # Must not exist, otherwise GPG will give error [[ -f "${TMP}" ]] && rm -f "${TMP}" # 'gpg --export' returns zero if there was no error with the command itself 
@@ -116,12 +117,17 @@ export_keys() { echo "Unable to export keys to $DST: GPG failed to list packets" exit 1 fi + + # Ensure we have a checksum to verify the file. + rhash --bsd --sha256 --sha512 --blake2b "${TMP}" |sed "s,${TMP},${BASENAME},g" >"${TMP}.DIGESTS" + # Check if the textual format has changed at all, and emit the new version # if there are ANY changes at all. if ! cmp -s "${DST}.packets.txt" "${TMP}.packets.txt"; then chmod a+r "${TMP}" mv -f "${TMP}" "${DST}" mv -f "${TMP}.packets.txt" "${DST}.packets.txt" + mv -f "${TMP}.DIGESTS" "${DST}.DIGESTS" fi # Cleanup anyway rm -f "${TMP}.packets.txt" "${TMP}"
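Review bot: BASENAME in the first hunk (@@ -96,7 +96,8 @@, export_keys) is assigned without `local`, so in an include file such as keyrings.inc.bash it becomes a global with a very generic name that leaks into whatever script sources it and can be clobbered from there. Declaring it with `local BASENAME` or giving it a prefixed name would keep it scoped to export_keys. Writing the call as `basename -- "${DST}"` would also stop a destination that begins with `-` from being parsed as an option.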
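Review bot: The rhash pipeline in the second hunk (@@ -116,12 +117,17 @@) has no failure check: the pipeline's exit status is sed's, so if rhash is missing or errors out, an empty "${TMP}.DIGESTS" is written and can then be moved to "${DST}.DIGESTS", unlike the GPG step just above that prints "Unable to export keys" and runs exit 1. Suggest testing ${PIPESTATUS[0]} (or enabling pipefail) and failing the same way. Two smaller points in the same hunk: "${TMP}" is interpolated into the sed expression as a regex with `,` as the delimiter, so a temp path containing a comma or regex metacharacters breaks or mis-rewrites the output, which running rhash on "${BASENAME}" from inside "${GPG_TMPDIR}" would avoid; and the DIGESTS file is installed only inside the cmp branch, so a keyring whose packets are unchanged never gets a "${DST}.DIGESTS", while the final `rm -f "${TMP}.packets.txt" "${TMP}"` leaves "${TMP}.DIGESTS" behind in that case.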